I was reading the "Metasploit: The Penetration Tester's Guide" and discovered some new techniques to compromise systems or escalate privileges (such as token impersonization). However they used Metasploit modules for it. Since PWB course doesn't permit Metasploit how could we achieve the same effect with what is allowed to us. Please let me know your thoughts and feedback on this. Thanks all.

Well, PWB doesn't allow Metasploit to be used against EVERY exam target, but against specific boxes, it was allowed (at least when I took it.) You'll learn that in the exam docs...

That said, many Metasploit modules are just front ends to other, existing exploits. Your job is either to A.) figure out how to port and use the same exploits outside of MSF, or B.) understand what it's doing, and find another tool or method to accomplish it.

I can tell you that, while MSF is permissible on specific exam machines, I didn't use it on ANY when I passed the exam.

That said, though, without more specific details about the various things you want to accomplish (I know you mentioned token impersonization, and offhand, I don't recall any scenario in the PWB labs, even, where I needed MSF for that,) it's hard to point you towards other tools.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'